2 August 2005 about rumint rumint is a prototype network PVR that captures packets in promiscuous mode and graphs them in interesting ways. Alternatively packet capture files may be loaded. I'm still working on direct integration of pcap files, but for the meantime I've created a file conversion utility. This tool is included on www.rumint.org. Sample rumint formatted data files are also available on the site. General Notes - rumint (room-int) stands for rumor intelligence, as in rumors in the network - I will post updates to www.rumint.org - it supports sets of up to 30,000 packets. - It runs on XP, >=98 probably OK but untested - you'll need 256MB of memory - It requires winpcap (I use 3.0) see http://www.winpcap.org/install/default.htm - It currently supports only Ethernet as the link layer protocol - Promiscuous mode packet capture may not be allowed/illegal on your network. Make sure you have full authority to use this tool on your network. - I make no warranty about this tool. It is provided as is. - It is provided for non-commercial use only. Commercial users please email me at conti@cc.gatech.edu Usage notes - Load a rumint formatted capture file from the file menu or capture live using the toolbars>capture menu. - The visualizations may be brought up using the view menu or clicking directly on the thumbnails on the main window. - Most visualization windows are resizable. -There are essentially two modes... you can load the file via the file>load menu or you can capture packets live from the network via the tools>capture menu. - you may need to select your adapter from the capture menu if you want to capture live packets - just click the thumbnail images on the toolbar to bring up the full size visualization windows - some background white papers on it can be found here... www.cc.gatech.edu/~conti To install... 1. Install winpcap 2. Run rumint's setup.exe To use for live capture... 1. Run program 2. Open the toolbars>capture menu and click start button 3. Check your email, browse the web etc. If you see lines appearing you are good to go. If not, check your adapter selection. 4. Use the toolbars>PVR menu to replay files. To use with capture files 1. Run program 2. Open the rumint formatted capture file using the file menu (to convert files see the next set of instructions) 3. Use the toolbars>PVR menu to replay files or just reload the file. To convert files from pcap to rumint... 1. compile and run pcap2rumint.c 2. usage... rumint2pcap pcap_source_file rumint_outfile If you have any questions feel free to fire them off. Feedback on what you liked or didn't like is also very welcome. Cheers, Greg www.cc.gatech.edu/~conti conti@cc.gatech.edu www.rumint.org